Join us on Slack!
Don't judge the unknown - Grindordie
Sunday, May 26, 2019
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 61
Guests Online: 61
Members Online: 0

Registered Members: 114245
Newest Member: aliadam
Latest Articles
View Thread

HellBound Hackers | Computer General | General Computer Problems

Page 1 of 2 1 2 >
Author

a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 26-11-14 10:40
can anyone tell me how long it will take to bruteforce a md5 hash possible with a password containing letter, number,special chars and maybe 9 char long maybe. or any other method would be appreciated any program code also only in c, c++ or java thnx in advance Grin
Author

RE: a hash and.....

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 26-11-14 16:52
It take forever.

But........fear not noob ...........here be Bozocrack.

Alas, the BozoCrack algorithm adds a whole new dimension of vulnerability to MD5, as Salonen commented: "BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load."


How does BozoCrack do its voodoo? The author explains: "Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. It works way better than it ever should."


https://github.com/juuso/BozoCrack

Edited by Huitzilopochtli on 26-11-14 18:14
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 27-11-14 06:59
can i run it on window and its ruy if im reading correctly so any readme would do fine
edit] and it dosent work just load the hash but no window appears for ans or txt file that i know so but hey thnx for the effortThumbs Up

Edited by someone_lost on 27-11-14 07:42
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 27-11-14 11:34
It is perfectly working for me...
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 27-11-14 15:05
ok so where are decrypted plain text is ?
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 27-11-14 20:36
When you run the program it spits out the plaintext password just in front of your eyes... in the terminal window... you are using the terminal, aren't you?
Author

RE: a hash and.....

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 28-11-14 04:49
Him no have RUby installed.

Him double click on Bozocrack.rb file for a Hour, before give up. Tee-Hee-Hee
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 28-11-14 05:59
Him no have RUby installed.

Him double click on Bozocrack.rb file for a Hour, before give up.

him so fun fun me happy GrinGrinGrin
When you run the program it spits out the plaintext password just in front of your eyes... in the terminal window... you are using the terminal, aren't you?

yes terminal in linux
when executing command: $ ruby bz.rb hashfile.txt
ans : "1 hash file loaded" only that then passes to the cursor
no plain text and bz is file name of ruby and hash is txt for my hash

Him no have RUby installed.

him have on liux par but no work him tell me or him seeTee-Hee-Hee
him send post useless waaahahahahGrin
not on cmd or terminal or editrocket alsoTut-tut
im sending hash check it out :" Removed Hash "

Edited by rex_mundi on 28-11-14 11:33
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 28-11-14 09:59
im sending hash check it out :" Removed Hash "


^^^^^ seems legit ^^^^^

You are trying to decrypt an MD5 hash.... goooooood luck with this one lol Thumbs Up

Edited by rex_mundi on 28-11-14 11:33
Author

RE: a hash and.....

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 28-11-14 10:12
This best part of description. Tee-Hee-Hee

BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.
It works way better than it ever should.



"Removed Hash" that salted FreeBSD md5

Edited by rex_mundi on 28-11-14 11:57
Author

RE: a hash and.....

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 28-11-14 11:52
We'll keep the mysterious hash limited to whispered conversations, and the PM inboxes of anyone who's interested.

Rather not leave a public record of it on the forum for the world to gaze at.

Cheers. Thumbs Up
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 28-11-14 13:46
oh man rex just wtf man ok i send pm to both of you then check and give answer man
This best part of description. Tee-Hee-Hee

yep he totally did it man
ou are trying to decrypt an MD5 hash.... goooooood luck with this one lol

at last you finally understood what this conversation is al about my hard works paysTee-Hee-Hee
@Huitzilopochtli your inbox is full man ive send it to cypher ask him yhnx
man

Edited by someone_lost on 28-11-14 13:59
Author

RE: a hash and.....

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 28-11-14 14:36
No.

He laughing for you try decrypt md5 ......but you no listen, it no ordinary md5

md5 like this 1f03bee69c31b72bffc380b06d786b60

No like this $1$U/l0ve$the/BoABy/YaR0asT3r.

Use jtr.

Edited by Huitzilopochtli on 28-11-14 14:51
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 28-11-14 15:05
nope its md5 hash for**** salted md5 and john tr is not a good choice for it dude just google it if you want to know more its is md5

Edited by someone_lost on 28-11-14 18:54
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 28-11-14 17:23
someone_lost wrote:
at last you finally understood what this conversation is al about my hard works paysTee-Hee-Hee


Oh my man, I never laughed so hard... that's freakin' awesome, you rock bro!!
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 28-11-14 17:31
someone_lost wrote:
nope its md5 hash for cisco ios and john tr is not a good choice for it dude just google it if you want to know more its is md5


Ok so, I'm not really good at this but I was searching on Wikipedia and I see:

The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number


And if I search on Wikipedia something about this hexadecimal thing I get:

In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a–f) to represent values ten to fifteen.


So, if only numbers from 0 to 9 and letters from A to F are allowed... how can I use chars like '$' and '/' on an MD5 hash?

Edited by MrCyph3r on 29-11-14 09:59
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 28-11-14 18:32
im sorry ive not known it before but its salted md5
@Huitzilopochtli bozo will not work on salted
"Removed Hash" that salted FreeBSD md5

wow thnx dude not way that ive known that
@cypher search salted md5
so where were we any suggestionShock
and thats why it cant be googled
but thnx for the efforts guysThumbs Up

Edited by someone_lost on 28-11-14 18:58
Author

RE: a hash and.....

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 28-11-14 22:26
... unbelievable ...



Anyway, back on topic, I'm serious right now...

For me it looks like a Cisco Type 5 password and so you have:

$1$<a salt which is 4 bytes long>$<the actual hash>

This type of hash is similar to the one you would typically find on unix distros.
I say similar because classic salts, in the other version, are of exactly 8 bytes.

But that doesn't change anything from cracking perspective, you can still use the same methods, including JTR.

Edited by MrCyph3r on 29-11-14 00:07
Author

RE: a hash and.....

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 29-11-14 01:44
Cisco uses the same FreeBSD-derived hashing method that John readily supports.
You can use the following "sed" one-liner to extract passwords from Cisco IOS config files in a format usable by John:

sed -n 's/[ :]/_/g; s/^\(.\{1,\}\)_5_\($1$[$./0-9A-Za-z]\{27,31\}\)_*$/\1:\2/p' < cisco-device-config > passwd

(It might work with config files from non-IOS Cisco devices as well, but I have not tried that.)

With these lines (and more) in cisco-device-config:

enable secret level 2 5 $1$WhZT$YYEI3f0wwWJGAXtAayK/Q.
enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 the sed script's output is:

enable_secret_level_2:$1$WhZT$YYEI3f0wwWJGAXtAayK/Q.
enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0

which John cracks like this:

Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])

test (enable_secret_level_2) guesses: 1 time: 0:00:00:18 8% (2) c/s: 2033 trying: tricky1


http://www.openwall.com/lists/john-users/2006/05/14/8

Edited by Huitzilopochtli on 29-11-14 01:47
Author

RE: a hash and.....

someone_lost
Banned

Your avatar

Posts: 37
Location:
Joined: 14.10.14
Rank:
Monster
Warn Level: 100
Posted on 29-11-14 06:13
guys guys hold on the main prospectivr of tjhis toipic
is bruteforce against time and you now how much time it wouls take to bypass this hash any idiea well some guy told me :
It take forever.

But........fear not noob ..

so we are back to were we started any sugestions
becus i can wait eternity to pass this hash b/ there are oyher things to do so better than jtr
guys any other method also appreciated this threadis gong way out of is objective so rather giving some bullsht be more realistic and give advice after some resarch toodlesTee-Hee-Hee
... unbelievable ...

@cyper what for lol rofl lolGrinGrinGrinGrin
For me it looks like a Cisco Type 5 password and so you have:

$1$<a salt which is 4 bytes long>$<the actual hash>

This type of hash is similar to the one you would typically find on unix distros.
I say similar because classic salts, in the other version, are of exactly 8 bytes

why are you telling me that i already know its md5crypt used in some unix and linus a one war tranformation of hash by some algo blah blah
just spill the way how to crack it in considerable timelol
Cisco uses the same FreeBSD-derived hashing method that John readily supports.
You can use the following "sed" one-liner to extract passwords from Cisco IOS config files in a format usable by John:

sed -n 's/[ :]/_/g; s/^\(.\{1,\}\Wink_5_\($1$[$./0-9A-Za-z]\{27,31\}\Wink_*$/\1:\2/p' < cisco-device-config > passwd

(It might work with config files from non-IOS Cisco devices as well, but I have not tried that.)

With these lines (and more) in cisco-device-config:

enable secret level 2 5 $1$WhZT$YYEI3f0wwWJGAXtAayK/Q.
enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 the sed script's output is:

enable_secret_level_2:$1$WhZT$YYEI3f0wwWJGAXtAayK/Q.
enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0

which John cracks like this:

Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])

test (enable_secret_level_2) guesses: 1 time: 0:00:00:18 8% (2) c/s: 2033 trying: tricky1


ok lets test the jtr then wait .......
wait ......
a little more.....
alitlle more......
wait.........
wait........
thnaks for waiting but there are still 38398475675 years left so happy waiting lollollololololollolol GrinGrinGrinGrinGrin
hws thatThumbs Up
i have tried many soft including jtr takig lots time so something better
according to your rank matesThumbs Up

Edited by someone_lost on 29-11-14 07:22
Page 1 of 2 1 2 >